Why smart people in organizations too often mismanage Risks and make bad decisions?

Sony Reputational Nightmare: How to piss off 77 million customers!

A major hack that compromises the information of tens of millions of your customers, including credit card details, and forces your organization to shut down its main online money-making system should be one of your worst nightmares.

Well, that is precisely what has been happening to SONY recently. At the time of this post, not only have the PlayStation and other SONY online gaming networks been offline for weeks, but millions of PS users' credit card details have been stolen.

I would like to take this opportunity, in the context of SONY's crisis, to look at some important crisis management principles that, if implemented properly, will help your organization manage crises more effectively, on many occasions by preventing them or at least by controlling them so that they do not escalate into a full-blown disaster.

Firstly, understand your customers' perception of risk. We should stress that most people are not expecting zero risk; they understand that in today's world this kind of thing is bound to occur much more often than you usually imagine. And especially in the case of IT risks, it is clear that given the appropriate amount of time and resources, hackers can potentially penetrate any system no matter how secure it may be.

When that happens, customers will be looking at how you handle such situations… It is actually what you did before, during and after the event that can really make or break your organization!

Not surprisingly, SONY is now under continuous and tight scrutiny. Did they do enough to preventively protect the information of their customers? What went wrong and why? Did they communicate appropriately when the hack was uncovered? And what actions did SONY management take to repair the damage?

Once it became evident that a major security breach had occurred, Sony obviously made the right decision when they chose to take down their online services to avoid further damage while they figured out what happened, cleared up the mess and fixed the holes.

However, many customers have complained about the way SONY has handled the crisis so far, saying that they should have been more forthcoming from the start. It indeed took SONY one week after shutting down their systems to warn their customers that critical financial information may have been compromised. This is too long! It gave the impression that they were thinking more of their own interests at the expense of those of their customers. And that is not acceptable! SONY also tried to pose as the victim of the 'bad' Anonymous hackers. Well, dear SONY management, you should understand that from your customers' perspective, they are the real victims: their credit card details have been compromised and, most importantly, they cannot PLAY anymore. During a crisis, customers will be further inflamed if they realize that the organization has been negligent (SONY did not seem to have a proper breach alert mechanism) and focused on its self-interest, putting others at risk as a result.

Secondly, restore your critical operational and business processes: as long as SONY's gaming and video systems are offline, to its millions of users the PS3 is nothing more than a stand-alone Blu-Ray console player.

Even if SONY had managed the crisis communication better, many PlayStation users are suffering from withdrawal symptoms after weeks without playing. There will come a time when they will unplug the PS console and stick it in a box in the storeroom. Then they will go buy an XBOX to play WoW instead. With every passing day, SONY is losing customers.

Actually, I am willing to predict that if SONY is not able to restore its online systems within a week, they will lose millions of customers. In the worst-case scenario, if there is a longer delay, it could potentially be a critical blow to SONY's online gaming business that they will find very difficult to recover from. Once former PS users have moved to a new platform, Sony will NOT be able to get them back easily.

Finally, rebuild trust with your customers. SONY will need to improve their online system security, and they will need to COMPENSATE their customers to pacify them and show that they take responsibility for what happened. This is a tricky decision: if the compensation is perceived as inadequate, it will further inflame SONY's customers. So in this case, the best form of compensation should be designed to encourage customers to use SONY's online platform, such as free credits to be used at the online PS store. That would go a long way toward winning back the hearts of avid gamers.

SONY does not have a lot of time left to do the right things. We will soon see what happens!